Program adapter

The program adapter allows external systems to communicate with WebSphere Commerce by passing XML requests over the HTTP protocol. The program adapter provides external systems such as procurement systems with a common way to communicate with WebSphere Commerce through HTTP, allowing WebSphere Commerce to act as a supplier to these systems, for buyer and supplier transactions.

The Program Adapter handles incoming XML requests by performing the following actions:

The supported request attributes are specified in the adapter configuration.

Each request is treated as a separate session. The credentials of the message are specified in the control area of the message. By default, the Program Adapter checks the user ID and password parameters to determine the authenticity of a request. The Program Adapter does not support legacy messages because legacy messages do not support the specification of credentials.

The lifecycle of the Program Adapter exists throughout the WebSphere Commerce instance. It is initialized when an instance is started unless its configuration parameters are removed or the adapter is not enabled, and it resides as long as the instance runs.


Program Adapter security for HTTP requests

This level of security requires that a request sent to WebSphere Commerce contains a user ID and password. If the password does not match the specified user ID, a security exception is thrown and the request is rejected. If the user ID and password are not specified in the request, the request is processed as a guest customer. This means that commands that need authorization before executing must have the credentials specified in the request. This form of security behaves in a similar manner to HTTP requests made from a browser client.

The class that implements this security level is messaging.programadapter.security.CredentialsSpecifiedProgramAdapterSessionContextImpl.

The validation of credentials uses the same technique used when customers interact with WebSphere Commerce through a browser. This takes into consideration whether the user registration is handled by WebSphere Commerce or vendor software.

All of the WebSphere Commerce supported XML integration messages support this level of security, although credential specification is not mandatory. Legacy messages are not supported by this implementation of security.


Program Adapter security for IBM MQ

To change the level of security, change the value of the class attribute in the SessionContext element of the IBM MQ adapter configuration.

Before the request is executed by the WebController, the WebController determines the credentials the request must execute under. This is determined by the specified class, which uses the CommandProperty object to determine the credentials of the request.

There are two levels of security available:

We can also create our own customized security class. The only restriction is that it must implement the ProgramAdapterSessionContext interface.


Related concepts
XML over HTTP
Message mappers